Overview

overview

10

Static

static

file.exe

windows7-x64

3

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    221228-qbh7ksad97

  • MD5

    75ae21ffb444c99cb63f0d9abaa648b2

  • SHA1

    d3666f32224c5244e7d098773af3679f5ab03db4

  • SHA256

    c0dc0167c70151a4f5311b40d638628e311d3a0f17320515897c7d96ad755968

  • SHA512

    8ee59828d0dbdd63747c49a74d99efd024ffc4cab1fd531eac5a9e57cc539799adcee7586617ff2b5e47dcc7224518dfbd8bcfb7dbf7effb48a0d05d0a7b85ec

  • SSDEEP

    24576:yAiKf8LZFNvGPSj4jzmQuiOi07JuutJRh4Emqmmq/mh9mITmkQS:yIOvTQSguXtFQS

Score
10/10
vidar724spywarestealer

Malware Config

Extracted

Family

vidar

Version

1.7

Botnet

724

C2

https://t.me/robloxblackl

https://steamcommunity.com/profiles/76561199458928097
Attributes
  • profile_id

    724

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      75ae21ffb444c99cb63f0d9abaa648b2

    • SHA1

      d3666f32224c5244e7d098773af3679f5ab03db4

    • SHA256

      c0dc0167c70151a4f5311b40d638628e311d3a0f17320515897c7d96ad755968

    • SHA512

      8ee59828d0dbdd63747c49a74d99efd024ffc4cab1fd531eac5a9e57cc539799adcee7586617ff2b5e47dcc7224518dfbd8bcfb7dbf7effb48a0d05d0a7b85ec

    • SSDEEP

      24576:yAiKf8LZFNvGPSj4jzmQuiOi07JuutJRh4Emqmmq/mh9mITmkQS:yIOvTQSguXtFQS

    Score
    10/10
    vidar724spywarestealer

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks